Data breach exposes data of visitors to Clubs NSW venues
[ad_1]
ClubsNSW says it is “deeply concerned” following the discovery of a third-party data breach that could reveal details of Australians who visited a number of NSW clubs and RSLs, including prominent politicians.
The developers, subcontracted by the company that provides entry systems to the clubs, said they were able to post details of more than one million visitors online, prompting a NSW police investigation.
“ClubsNSW has been made aware of a cyber security incident involving a third party IT provider commonly used by hospitality venues including less than 20 clubs,” the governing body said in a statement this morning.
“Although limited information is known at this time, we understand that some personal data of club patrons who use this IT provider may have been compromised.”
“The clubs concerned are working to notify all affected patrons.”
ClubsNSW said the “appropriate authorities” had been notified and affected clubs had been offered support.
They warned clubgoers to be extra careful with unfamiliar emails or texts, especially those containing links to websites.
2GB Breakfast host Ben Fordham told the station the breach was “causing a lot of concern in the NSW Parliament”.
He said the apparent leak included data scanned when people entered the clubs, including facial recognition, driver’s license details, signatures and addresses.
“There’s a company that allegedly didn’t pay some software developers in the Philippines,” Fordham said.
“These software developers have already set up their own website and they basically said ‘we got access to all these systems, our bills haven’t been paid for a year and a half and we’re not happy about it’.”
Fordham cautioned that it is not clear whether searching for personal data on the website is safe.
“Politicians started putting their names on the website,” Fordham said.
“There are details crossed out, but enough to know they ‘have my data.’
“What they’re really doing is saying, look, if you don’t pay our bill, you can only let your imagination know what happens next.”
West Tradies at Mt Druitt, City of Sydney RSL and Fairfield RSL are among those taking part.
The website claiming to reveal the data carries a statement from the people behind it, claiming they were “cut off” and not paid.
It says it has data including “biometric facial recognition data, driver’s license scan, signature, club membership details, address, birthday, phone number, club visit timestamps, slot machine usage”.
The site claims the systems provider has been hired to “build a suite of software systems” for casinos and clubs in Asia, Australia and the US.
“The developers were given access to the back-end systems of these game locations and were given responsibility to maintain the systems and were instructed to back up the data to the cloud,” it said.
“Developers gained access to raw data without any oversight…
“Then [the company] abruptly cut off developers and refused to pay for a year and a half of work.”
Clubs NSW are understood to have had an emergency meeting.
Fordham said bar giant Merivale was also affected.
NSW Police said officers from the State Crime Command’s cyber crime unit were “investigating a potential data breach”.
We have contacted Clubs NSW, Merivale and the entry system provider for comment.
[ad_2]